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1 . (Currently Amended) A method for controlling access to a private computer system 
comprising: 

operativelv connecting an im trusted computer between said private computer system and 
an external computer such that said external computer is prev ented from communic ating directly 
with said private computer system: 

classifying applications running on ttst said untrusted computer system as running in one 
of a trusted application execution context and an untrusted application execution context; and 

preventing an application on said untrusted computer system from initiating a connection 
with n trusted said privi ite computer system unless said untrusted computer system is running 
said application in said trusted application execution context, 

wherein only said untrusted application execution contexts of said applications on said 
untrusted system can communicate directly with said external computer system . 

2. (Currcnlly Amended) The method in claim 1 , wherein said trusted private computer 
system can initiate connections with any execution context on said untrusted computer system. 

3. (Original) The method in claim I, wherein only said untrusted application execution 
contexts on said untrusied system can initiate connections with said external computer system. 

4. (Original) The Method in claim 1 > wherein said applications ore classified as having said 
trusted application execution contexts and said untrusted application execution contexts based on 
distinctive application execution context names. 

5. (Original) The method in claim 4, wherein a human administrator of said untrusted 
system assigns said distinctive application execution context names. 

6. (Original) The method in claim 4, wherein said applications cannot change the names of 
respective execution contexts in which said applications are running, 
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7. (Original) The method in claim 4, wherein said applications cannot change the name of 
any execution con lex I in said untrusted computer system. 

8. (Original) The method in claim 1 , wherein connections originating on said external 
system can terminate only at said untrusted system and only at said untrusted execution contexts 
therein. 

9. (Original) The n tethod in claim 1 , wherein said untrusted application execution contexts 
are fenced ofT from said untrusted computer system such that said untrusted application 
execution application contexts cannot interrogate or change critical system data of said untrusted 
computer system. 

1 0. (Currently Amended) A method for controlling access to a trust e d private computer 
system comprising: 

operatively connecting an untrusted system between said private computer system and an 
external computer such that said external computer is prevented from communicating directly 
with said private computer system; 

determining a name of an execution context of an application running on m said 
un trus ted system ; 

determining whether said execution context is trusted or untrusted based on said name; 

if said execution context is trusted, permitting said application to initiate a connection 
with said trusted private system, and 

if said execution context is untrusted, preventing said application from initiating a 
connection with said trust e d private computer system, 

wherein only untrusted application execution contexts on said untrusted system can 
communicate directly with said external computer system . 
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1 1 . (Currently Amended) The method in claim 10, wherein said trusted private computer 
system can initiate connections with any execution context on said untrusted computer system. 

1 2. (Original) The method in claim t 0, wherein only said untrusted application execution 
contexts on said untrustt*! system can initiate connections with an external computer system. 

13. (Original) The method in claim 1 0, wherein said execution context name was previously 
assigned by a human administrator. 

14. (Original) The method in claim 1 0, wherein there are a plurality of applications running 
on said untrusted computer system, one of said applications having a trusted execution context 
and another of said applications having an untmsLed execution context. 

15. (Original) The method in claim 1 4, wherein said applications cannot change names of the 
respective execution contexts in which said applications are running. 

1 6. (Original) The method in claim 14, wherein said applications cannot change the name of 
any execution context in said untrusted computer system. 

1 7. (Original) The method in claim 1 0, wherein connections originating on an external 
system can terminate only at said untrusted system and only at said untrusted execution contexts 
therein. 

1 8. (Original) The method in claim 1 0, wherein said untrusted application execution contexts 
are fenced off from said untrusted computer system such that said untrusted application 
execution application contexts cannot interrogate or change critical system data of said untrusted 
computer system. 
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19. (Currently Amended) A program storage device readable by machine, tangibly 
embodying a program cf instructions executable by the machine to perform a method for 
controlling access priva te to a computer system, said method comprising: 

operativelv connecting an untrusted computer between said private computer system and 
an external computer such that said external computer is prevented from communicating directly 
with said private computer system: 

classifying applications running on an untrusted computer system as running in one of a 
(rusted application execution context and an untrusted application execution context; and 

preventing an application on said untrusted computer system from initiating a connection 
with a trusted said private computer system unless said untrusted computer system is running 
said application in said trusted application execution context, 

wherein only said untrusted application execution contexts of said applications on said 
untrusted system can communicate directly with said external computer system . 

20. (Currently Amended) The program storage device in claim 19, wherein said tftedted 
private computer system can initiate connections with any execution context on said untrusted 
computer system. 

21 . (Original) The program storage device in claim 19, wherein only said untrusted 
application execution contexts on said untrusted system can initiate connections with said 
external computer system. 

22. (Original) The program storage device in claim 19, wherein said applications are 
classified as having said trusted application execution contexts and said untrusted application 
execution contexts based on distinctive application execution context names. 

23. (Original) The program storage device in claim 22, wherein a human administrator of 
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said untrusted system assigns said distinctive application execution context names. 

24. (Original) The program storage device in claim 22, wherein said applications cannot 
change names of respective execution contexts in which said applications are running. 

25. (Original) The method in claim 22, wherein said applications cannot change the name of 
any execution context in said untrusted computer system, 

26. (Original) The program storage device in claim 1 9, wherein connections originating on 
said external system can terminate only at said untrusted system only at said untrusted execution 
contexts therein. 

27. (Original) The program storage device in claim 19, wherein said untrusted application 
execution contexts are fenced off from said untrusted computer system such that said untrusted 
application execution contexts caimot interrogate or change critical system data of said untrusted 
computer system. 

28. (Currently Amended) A system for controlling access to a network comprising: 
a trusted private computer system; 

an untrusted computer system connected between said trusted private computer system 
and to an external computer system, such that said external computer is prevented from 
communicating directly with said private computer system; 

wherein said untrusted system includes applications classified as having trusted 
application execution contexts and untrusted application execution contexts, and 

wherein only said trusted application execution contexts can initiate connections with 
said trusted private computer system ^ and 

wherein only said untrusted application execution contexts of said applications on said 
untrusted system can communicate directly with said external computer system . 
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29. (Currently Amended) The system in claim 28, wherein said trusted Bfriygte computer 
system can initiate conductions with any execution context on said untrustcd computer system, 

30. (Original) The system in claim 28, wherein only said untrustcd application execution 
contexts on said untrustt:d system can initiate connections with said external computer system. 

3 1 . (Original) The system in claim 28, wherein said applications are classified as having said 
trusted application execution contexts and said untrustcd application execution contexts based on 
distinctive application execution context names. 

32. (Original) The system in claim 3 1 , wherein a human administrator of said untrusted 
system assigns said distinctive application execution context names. 

33. (Original) The system in claim 3 1 , wherein said applications cannot change the names of 
respective execution contexts in which said applications are running. 

34. (Original) The Method in claim 31, wherein said applications cannot change the name of 
any execution context i:i said untrusted computer system. 

35. (Original) The system in claim 28, wherein connections originating on said external 
system can terminate only at said untrusted system and only at said untrusted execution contexts 
therein. 

36. (Original) The system in claim 28, wherein said untrusted application execution contexts 
are fenced off from said untrusted computer system such that said untrusted application 
execution application contexts cannot interrogate or change critical system data of said untrusted 
computer system. 
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